PatchSiren cyber security CVE debrief
CVE-2023-43522 Qualcomm, Inc. CVE debrief
CVE-2023-43522 affects multiple Siemens SCALANCE W700 wireless devices and can cause a transient denial of service during key unwrapping when the encrypted key is empty or NULL. The advisory rates the issue HIGH with CVSS 3.1 base score 7.5 because it is network-reachable, requires no privileges or user interaction, and impacts availability. Siemens lists update to V3.0.0 or later as the fix for the affected product set.
- Vendor: Qualcomm, Inc.
- Product: SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0)
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-02-11
- Original CVE updated: 2025-05-06
- Advisory published: 2025-02-11
- Advisory updated: 2025-05-06
Who should care
OT and ICS operators, Siemens SCALANCE W700 owners, and network administrators responsible for wireless infrastructure in industrial environments should prioritize this advisory, especially where the listed SCALANCE WAB/WAM/WUB/WUM variants are deployed.
Technical summary
According to the Siemens and CISA advisory material, the flaw is a transient DoS condition in the key unwrapping process triggered when the supplied encrypted key is empty or NULL. The affected inventory includes 19 Siemens SCALANCE product variants, and the documented remediation is to update to V3.0.0 or later. No confidentiality or integrity impact is stated in the source; the advisory and CVSS vector indicate availability-only impact.
Defensive priority
High for exposed or operationally critical deployments. The issue is remotely reachable and can interrupt availability, so it should be scheduled for prompt remediation in accordance with maintenance constraints.
Recommended defensive actions
- Identify whether any of the listed Siemens SCALANCE W700 product variants are deployed in your environment.
- Prioritize upgrading affected devices to V3.0.0 or later using Siemens' remediation guidance.
- Validate patching in a maintenance window appropriate for OT availability requirements.
- Inventory and document affected assets so exposure can be tracked across sites and segments.
- Apply defense-in-depth controls recommended by CISA for industrial control systems, including segmentation and monitored access paths.
- Monitor vendor and CISA advisories for any follow-on revisions or additional remediation notes.
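The identification and upgrade steps above can be scripted against an asset inventory. The following is an added example, not taken from the advisory or from Siemens. It assumes a CSV export with `hostname`, `model` and `firmware` columns, its sample rows are constructed, and its family-prefix match is broader than the 19 listed variants, so hits should be confirmed against the advisory's product list.

```python
import csv
import io
import re

FIXED = (3, 0, 0)  # fix version stated on this page: V3.0.0 or later
# Family prefixes named on this page. Assumption: a prefix match is used here,
# which is broader than the advisory's exact 19-variant list.
FAMILIES = ("SCALANCE WAB", "SCALANCE WAM", "SCALANCE WUB", "SCALANCE WUM")

# Constructed sample inventory (hypothetical hostnames and firmware strings).
SAMPLE_INVENTORY = """\
hostname,model,firmware
ap-line1,SCALANCE WAB762-1,V2.0.1
ap-line2,SCALANCE WAM766-1,V3.0.0
ap-yard,SCALANCE WUM763-1,2.1
sw-core,SCALANCE XC208,V4.5
ap-lab,SCALANCE WUB762-1,unknown
"""


def parse_version(text):
    """Return (major, minor, patch), or None if text is not a version string."""
    m = re.fullmatch(r"\s*[Vv]?(\d+)(?:\.(\d+))?(?:\.(\d+))?\s*", text)
    if not m:
        return None
    return tuple(int(g or 0) for g in m.groups())


def triage(inventory_csv):
    """Classify W700-family rows as 'upgrade', 'ok' or 'verify'."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if not row["model"].upper().startswith(FAMILIES):
            continue  # not one of the families named in this debrief
        ver = parse_version(row["firmware"])
        if ver is None:
            status = "verify"  # unknown firmware: unconfirmed, check the device
        elif ver < FIXED:
            status = "upgrade"  # below V3.0.0, schedule the update
        else:
            status = "ok"
        findings.append((row["hostname"], row["model"], status))
    return findings


if __name__ == "__main__":
    for host, model, status in triage(SAMPLE_INVENTORY):
        print(f"{status:8} {host:10} {model}")
```

Rows with an unparseable firmware string are reported as `verify` rather than dropped, so devices with missing inventory data stay on the remediation list until checked.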
Evidence notes
The description, CVSS vector, affected product list, and remediation come from the CISA CSAF advisory ICSA-25-044-09 and Siemens reference materials. The CVE was published on 2025-02-11 and revised on 2025-05-06 for typo fixes only, per the supplied timeline. The supplied source corpus lists 19 affected Siemens SCALANCE product variants and a vendor fix of V3.0.0 or later.
Official resources
- CVE-2023-43522 CVE record (CVE.org)
- CVE-2023-43522 NVD detail (NVD)
- Source item URL (cisa_csaf)
Public advisory first published on 2025-02-11 (ICSA-25-044-09 / Siemens SSA-769027). The source was revised on 2025-05-06 with typo-only changes. No KEV listing is indicated in the supplied data.